ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003


  • Slide 1
  • Slide 2
  • ForeScout Technologies Ayelet Steinitz, Product Manager April, 2003
  • Slide 3
  • The Problem: constant new threats and vulnerabilities; current solutions not sufficient; reactive solutions incur false positives; reactive solutions miss unknown attacks; do not allow for automatic action; inherent window of vulnerability; high maintenance and TCO.
  • Slide 4
  • A New Approach to Network Security. Product: ActiveScout; IDS / IPS; Firewall. Protect By: Proven Intent; Analysis; Policy. Key Issues Identify attacker intent Stop attacker from reaching network Proactive Pattern recognition By Anomaly Forensics Reactive Access list by services offered Characteristics Low Cost Low Complexity Dynamic High Cost To Update To Manage Low Cost Defined Policy Static Cost to Maintain. Accuracy (False Positives): ActiveScout: Accurate. Confident to act. If ActiveScout identifies a Bad Guy: It's a BAD GUY!; IDS / IPS: False Positives. Not confident to take automatic action; Firewall: Accurate. Does exactly what you told it to do!
  • Slide 5
  • Knowledge: Mandatory Requirement. Knowledge is needed 100% of the time: Social Engineering; Password Snare; Networking; Public Domain; Email Server; Web Server. Reconnaissance: 20 types; precedes majority of attacks.
  • Slide 7
  • Typical Attack Process: Most network attacks are preceded by reconnaissance activity to determine available services and network resources. [Diagram: Attacker, Internet, Router, Firewall, Enterprise]
  • Slide 8
  • Typical Attack Process: The network sends information about available hosts and services in response to the reconnaissance. [Diagram: Attacker, Internet, Router, Firewall, Enterprise]
  • Slide 9
  • Typical Attack Process: With this information, the attacker utilizes existing or new exploits to break into the network. [Diagram: Attacker, Internet, Router, Firewall, Enterprise]
  • Slide 10
  • ActiveScout Intrusion Prevention: ActiveScout identifies all reconnaissance used by a potential attacker. [Diagram: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager]
  • Slide 11
  • ActiveScout Intrusion Prevention: ActiveScout watches the network's response, and sends its own unique information to the potential attacker. This unique information, or mark, is not distinguishable from the network's legitimate response. [Diagram: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager]
  • Slide 12
  • ActiveScout Intrusion Prevention: When the attacker uses the mark to launch an exploit, ActiveScout accurately identifies it and can actively block the attacker. [Diagram: Attacker, Internet, Router, Firewall, Enterprise, Scout, Site Manager]
  • Slide 13
  • Growing Risk of Unknown Attacks. [Chart: New Vulnerabilities; Q1 thru Q3 only.] Vulnerability increase of 5000% from 1995 to 2001 (Source: CERT Coordination Center, 2002). 89% of corporations successfully attacked had firewalls, 60% had Legacy IDSes (Source: CSI/FBI 2002 Report).
  • Slide 14
  • The ActiveScout Difference (Differences #1 to #4): Blocks Unknown Attacks; Minimal Cost of Prevention; Instantaneous Prevention; 100% Accurate (no false positives, confidence to block).
  • Slide 15
  • The ActiveScout Difference (Differences #1 to #4): Minimal Cost of Prevention; Instantaneous Prevention; 100% Accurate (no false positives, confidence to block); Blocks Unknown Attacks.
  • Slide 16
  • Time to Prevention Without ActiveScout. [Timeline: new vulnerabilities (hundreds/month); exploit is known to security community; Spida spreads; Spida detected; protection offered; protection available.] Window of Vulnerability / Time to Protection: Days/Weeks/Months/Never?
  • Slide 17
  • Instantaneous Prevention With ActiveScout. [Timeline: new vulnerabilities (hundreds/month); exploit is known to security community; Spida spreads; Spida detected; protection offered; protection available.] Time to Protection: Immediate. Window of Vulnerability: Zero.
  • Slide 18
  • State of Security Today. [Diagram: Internet, Intranet Security.] Intranet Security: myriad of security products (HIDS, NIDS, anti-virus).
  • Slide 19
  • State of Security Today. [Diagram: Internet, Firewall, Intranet Security.] Firewall: provides robust static prevention according to predefined policies. Intranet Security: myriad of security products (HIDS, NIDS, anti-virus).
  • Slide 20
  • Instantaneous Prevention. [Diagram: Internet, ActiveScout, Firewall, Intranet Security.] ActiveScout: prevents intrusions from known and unknown threats in front of the firewall. Firewall: provides robust static prevention according to predefined policies. Intranet Security: myriad of security products (HIDS, NIDS, anti-virus).
  • Slide 21
  • The ActiveScout Difference (Differences #1 to #4): Minimal Cost of Prevention; Instantaneous Prevention; Blocks Unknown Attacks; 100% Accurate (no false positives, confidence to block).
  • Slide 22
  • ActiveScout: Minimal Cost of Prevention. [Chart: Legacy Systems vs. ActiveScout; Action against Investment ($$$$$$$$$$).] Actions: analysis of alerts; correlation analysis; policy tuning; fix the damage; installation; software updates; signature updates; write your own signature.
  • Slide 23
  • The ActiveScout Difference. False Alarm Rate: Conventional Systems 30%-60%, ActiveScout 0%. Time to Prevention: Conventional Systems Days, Months, Years; ActiveScout 0%. Cost of Prevention: Conventional Systems $$$$$$$, ActiveScout $.
  • Slide 24
  • ForeScout's Intrusion Prevention Solutions. ActiveScout Site Solution: Precisely identifies and then blocks attackers at a single internet access point with zero false alarms. ActiveScout Enterprise Solution: Precisely identifies and then blocks attackers with zero false alarms across a large enterprise. Enterprise Manager: Provides centralized management of all Scouts deployed. Enterprise Heads-Up: Thwarts the rapid spread of attacks from one internet access point to the next.
  • Slide 25
  • ActiveScout Site Solution: Intrusion Prevention for Each Internet Access Point. [Diagram: Internet, Scout, Site Manager, Router, Enterprise, Firewall]
  • Slide 26
  • ActiveScout Enterprise Solution: protects an entire enterprise; centralized viewing of all attack activity around the world; centralized management of groups of Scouts; ability to push new software updates to remote Scouts.
  • Slide 27
  • ActiveScout Enterprise Solution: Intrusion Prevention for Multiple Internet Access Points. [Diagram: Internet, Scout, Management Server, Enterprise Manager, Site Manager]
  • Slide 28
  • Enterprise Heads-Up: enterprise deployments only; immediate sharing of threat information across multiple Scouts to assure proactive prevention across the enterprise; provides the fastest way to protect from new attacks traversing the internet.
  • Slide 29
  • Enterprise Heads-Up. Step 1. Attacker detected by New York Scout. Step 2. Attack information immediately sent to Management Server. Step 3. San Francisco Scout ready to block attacker. [Diagram: New York, San Francisco, Management Server]
  • Slide 30
  • Summary: Accurate Identification; Zero False Positives; Block Known and Unknown Attacks; Instantaneous Prevention; Minimal Cost of Prevention.
  • Slide 31
  • ForeScout Technologies, Inc., 2755 Campus Drive, Suite 115, San Mateo, CA 94403, (650) 358-5580, www.forescout.com. Ayelet Steinitz, Product Manager, ActiveScout, Tel. (650) 358-5586, asteinitz@forescout.com
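
The mark technique described in slides 10 to 12, as an added illustration that is not part of the original deck and is not ForeScout's code. The `MarkSensor` class, the event kinds `probe` and `session`, and all addresses are assumptions constructed for this sketch; it shows that detection keys on the mark itself, so a source that changes address between reconnaissance and attack is still caught.

```python
from dataclasses import dataclass, field


@dataclass
class MarkSensor:
    """Hypothetical sensor: answers recon with a decoy 'mark', flags whoever uses it."""
    real_services: set                            # (ip, port) pairs the site really offers
    marks: dict = field(default_factory=dict)     # mark (ip, port) -> source first given it
    blocked: set = field(default_factory=set)     # sources that have used a mark

    def handle(self, kind, src, dst_ip, dst_port):
        target = (dst_ip, dst_port)
        if src in self.blocked:
            return "drop"                         # already identified, everything is dropped
        if target in self.real_services:
            return "pass"                         # traffic to real services is never touched
        if kind == "probe":
            # Recon against a service that does not exist: answer as if it did,
            # and remember the fabricated service as a mark.
            self.marks.setdefault(target, src)
            return "mark-sent"
        if target in self.marks:
            # The marked service exists only in the sensor's reply, so any session
            # aimed at it comes from someone acting on recon results.
            self.blocked.add(src)
            return "block"
        return "ignore"                           # stray traffic, no mark involved


# Constructed sample traffic: (kind, source, destination ip, destination port)
EVENTS = [
    ("probe",   "203.0.113.7",   "192.0.2.10", 80),    # scan hits the real web server
    ("probe",   "203.0.113.7",   "192.0.2.10", 1433),  # scan hits a service that is not there
    ("session", "198.51.100.20", "192.0.2.10", 80),    # ordinary visitor
    ("session", "203.0.113.99",  "192.0.2.10", 1433),  # mark used from a different address
    ("session", "203.0.113.99",  "192.0.2.10", 80),    # same source tries the real server
    ("session", "198.51.100.20", "192.0.2.10", 8080),  # closed port, never marked
]


def replay(events):
    """Run the events through a fresh sensor; return (verdicts, sensor)."""
    sensor = MarkSensor(real_services={("192.0.2.10", 80), ("192.0.2.10", 25)})
    return [sensor.handle(*event) for event in events], sensor


if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)[0]):
        print(verdict, event)
```
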